4-way handshake in Wi-Fi

Four-way Handshake in WPA-Personal (WPA-PSK)

Can someone explain to me what the Four-way Handshake in WPA-Personal (WPA with Pre-Shared Key) consists of, which information is sent between AP and client, and how it is possible to find the AP Pre-Shared Key from this information after we capture the Four-way Handshake?

You used the passwords tag, is that because you wanted information specific to WPA-Personal (aka WPA-PSK)?

Well, I don't know exactly; I just want to know how its WPA authentication works, so maybe both of them if possible?

For anyone looking, the answer on this question seems a bit more accurate: security.stackexchange.com/q/66008 The answers here make it sound difficult to retrieve the key, but the difficulty actually depends on the length/complexity of the PSK and can be trivial if it is weak.

3 Answers

This book is a very good resource on wireless security. This section explains the details of the four-way handshake, but you really need to read the whole chapter to understand it.

Both WPA2-PSK and WPA2-EAP result in a Pairwise Master Key (PMK) known to both the supplicant (client) and the authenticator (AP). (In PSK the PMK is derived directly from the password, whereas in EAP it is a result of the authentication process.) The four-way WPA2 handshake essentially makes the supplicant and authenticator prove to each other that they both know the PMK, and creates the temporal keys used to actually secure network data.

Capturing the four-way handshake will not divulge the PMK or PSK (since capturing the handshake is trivial over wireless, this would be a major vulnerability). The PMK isn't even sent during the handshake; instead it is used to calculate a Message Integrity Check (MIC). You basically need to perform a dictionary or brute-force attack on the handshake until you find a password which results in the same MIC as in the packets.


WPA encrypted four-way handshake process

To address the insecurity of wireless transmission, access to the wireless link must be controlled and the frames sent over it must be encrypted and decrypted. The WPA four-way handshake is essentially a "secure" negotiation and "exchange" of secret keys. The key in question is the PTK (Pairwise Transient Key); "pairwise" means that a separate key is established for each AP/station pair.

2. The composition of PTK

The PTK consists of up to 4 parts: KCK (Key Confirmation Key), KEK (Key Encryption Key), TK (Temporal Key), and the MIC key.

  • KCK: used to verify the integrity of the EAPOL 4-way handshake messages
  • KEK: used to encrypt the GTK and other data in message 3 of the EAPOL 4-way handshake
  • TK: used to encrypt unicast data
  • MIC key: the Michael integrity-check key, used for data transmission in TKIP mode only; CCMP has no such part

The total length of PTK varies according to different encryption methods.

When the encryption method is TKIP, the PTK is 512 bits long, and in sequence, KCK occupies 128 bits, KEK occupies 128 bits, TK occupies 128 bits, and MIC occupies 128 bits.

When the encryption method is CCMP, the PTK is 384 bits long, and in sequence, KCK occupies 128 bits, KEK occupies 128 bits, and TK occupies 128 bits.

3. The generation of the PTK

To generate the PTK, five inputs are required: the PMK, the ANonce (Nonce 1, a random number generated by the AP), the SNonce (Nonce 2, a random number generated by the STA), the Authenticator MAC (MAC1, the AP's MAC address), and the Supplicant MAC (MAC2, the STA's MAC address).


Among the four outputs of the key-derivation function in the original figure (not reproduced here), DataEncr and DataMIC together form the TK, while EAPOLEncr and EAPOLMIC correspond to the KEK and the KCK respectively.

4. The WPA four-way handshake process

1. The AP sends its own random number (ANonce) to the STA, and the STA can generate a PTK after receiving the ANonce.

2. The STA sends its own random number (SNonce) to the AP, together with a MIC computed from the PTK it has just generated. Once the AP receives the SNonce, it can generate the PTK itself and compare the received MIC with its own computed MIC for integrity verification. If the verification fails, the handshake fails.

3. After the verification succeeds, the AP uses the PTK (its KEK part) to encrypt the GTK, and then transmits the encrypted GTK to the STA.

4. The STA uses the PTK generated by itself to decrypt the GTK, while verifying the MIC, and if there is no error, it sends an ACK for confirmation.

Note: the GTK contains only the data-transmission keys, that is, the Group Encryption Key (encryption and decryption) and, under TKIP, the Michael MIC key (integrity check). It has no EAPOL-Key (KCK/KEK) part, so it is only 256 bits long.

Based on the blog posts "WPA 4-way handshake" and "About WPA/WPA2 4-way handshake".


Grow Wifi

Before we look at the 4-way key handshake, let us go through a few definitions:

PMKSA

The Pairwise Master Key Security Association (PMKSA) is created after a successful 802.1X negotiation as part of EAP, or when a Pre-shared Key (PSK) is configured. It ties the PMK to a lifetime, the authenticator MAC address, and other authorization information.

PTKSA

The Pairwise Transient Key Security Association (PTKSA) is created after the 4-way handshake completes. It is dependent on the PMKSA and is stored for as long as the PMKSA is valid or until the station is deauthenticated. The PTKSA includes the supplicant and authenticator MAC addresses, the pairwise cipher suite selected, and the PTK itself.

GTKSA

The Group Transient Key Security Association (GTKSA) is created during the 4-way handshake or updated during a group key handshake. It stores the GTK, the broadcast/multicast cipher suites, and the direction for which the GTK is valid. The GTK is used for broadcast/multicast traffic only.


The Access Point and the 802.11 Station each generate a random sequence at their respective ends; these are called Nonces.

The Access Point's random sequence is termed the ANonce (short for AP Nonce) and the 802.11 Station's random sequence is termed the SNonce (short for Station Nonce).

Once the AP has delivered its ANonce in EAPOL Message 1, the 802.11 Station has all the material needed to generate the Pairwise Transient Key (PTK), the key from which the further keys and temporal keys used for data encapsulation are taken.

The 802.11 Station sends the Station Nonce to the AP in EAPOL Message 2 along with a MIC value (i.e. MIC(Key Confirmation Key, EAPOL)), which is computed over the body of the EAPOL-Key frame with the Key MIC field initially set to zero. The MIC is used to verify whether both ends have derived the same PTK. If the derived PTKs differ, the MICs will not match and the MIC check fails.

On receipt of the SNonce, the Access Point generates the Pairwise Transient Key and recomputes the MIC at its end.

The Access Point verifies the MIC at its end and, in response, sends the following to the 802.11 Station in EAPOL Message 3:

  • Install PTK bit set to 1
  • The Group Temporal Key (GTK) for Multicast traffic, if GTK is pre-negotiated
  • Receive Sequence Counter for the GTK key
  • MIC computed over the EAPOL frame

The supplicant verifies the MIC and sends Message 4 to the Access Point with its own MIC. At this juncture the 802.11 Station has the necessary key material, and it can go ahead and configure the hardware with the PTK and the GTK.

On receiving Message 4, the Access Point verifies the MIC and invokes its MLME-SETKEYS.request primitive to install the PTK and GTK.

Finally the data port is opened: unicast data can be transmitted using the temporal key in the PTK, and multicast data using the GTK.

Note: The above flow is for WPA2. In WPA, there is a separate 2-way handshake after 4-way handshake to generate the GTK and install them.
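The PTK derivation described in the "generation of the PTK" section above and the Message 1/Message 2 MIC exchange described in this flow, as an added simulation that is not part of any of the quoted posts: it derives the PMK from a passphrase, derives a CCMP PTK from the five inputs, and shows the authenticator rejecting Message 2 when the supplicant holds a different passphrase. The MAC addresses, SSID and passphrases are constructed, and the EAPOL-Key body is simplified to SNonce || MIC; the real frame has more fields, but the MIC is computed the same way (over the whole frame with the Key MIC field zeroed).

```python
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i) blocks."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """CCMP PTK = PRF-384(PMK, "Pairwise key expansion", sorted MACs || sorted nonces).
    Returns (KCK, KEK, TK), 16 bytes each. Sorting the inputs is what makes the
    derivation identical on both sides regardless of who is AP and who is STA."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """Key Descriptor Version 2 (WPA2/CCMP): HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def message2_accepted(ssid: str, ap_passphrase: str, sta_passphrase: str) -> bool:
    """Simulate Messages 1-2: AP sends ANonce, STA answers with SNonce + MIC, AP checks the MIC."""
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    anonce, snonce = os.urandom(32), os.urandom(32)  # Message 1 carries anonce to the STA
    # Supplicant side: derive its PTK and build Message 2 = SNonce || MIC (MIC field zeroed first)
    kck_sta, _, _ = derive_ptk(psk_to_pmk(sta_passphrase, ssid), aa, spa, anonce, snonce)
    msg2 = snonce + eapol_mic(kck_sta, snonce + b"\x00" * 16)
    # Authenticator side: only now has the SNonce, so derive its own PTK and recompute the MIC
    kck_ap, _, _ = derive_ptk(psk_to_pmk(ap_passphrase, ssid), aa, spa, anonce, msg2[:32])
    expected = eapol_mic(kck_ap, msg2[:32] + b"\x00" * 16)
    return hmac.compare_digest(expected, msg2[32:])
```

Note that the AP never learns the STA's passphrase; it only learns whether the STA's PTK produced the MIC the AP's own PTK predicts, which is exactly why the handshake reveals the MIC but not the PMK.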
